Problem Statement for Renumbering IPv6 Hosts with Static Addresses in Enterprise Networks
draft-ietf-6renum-static-problem-03
Yes
(Barry Leiba)
(Ron Bonica)
(Wesley Eddy)
No Objection
(Benoît Claise)
(Gonzalo Camarillo)
(Martin Stiemerling)
(Robert Sparks)
(Russ Housley)
(Sean Turner)
(Stephen Farrell)
(Stewart Bryant)
Abstain
Note: This ballot was opened for revision 02 and is now closed.
Barry Leiba Former IESG member
Yes
Yes
(for -02)
Unknown
Ron Bonica Former IESG member
Yes
Yes
(for -02)
Unknown
Wesley Eddy Former IESG member
Yes
Yes
(for -02)
Unknown
Adrian Farrel Former IESG member
No Objection
No Objection
(2012-12-12 for -02)
Unknown
I have no objection to the publication of this document. I have a concern that the security considerations may need more work. For example, ACLs seem to rely on well-known IP addresses. Those addresses are often manually configured and the synchronisation during renumbering is surely a vulnerability. I am sure there are plenty of other issues that should be considered. === I also have some petty nits that you might want to address to improve the document. --- I would like it if for clarity the document title could reflect the limitation of this document to entreprise networks. --- ULA is used without expansion --- Section 2.7 It is quite common practice that some such addresses will have no corresponding DNS entry. Jane Austen and I would like to know whether you mean "quite" in the correct English sense as "completely", or in the modern sense of "relatively" or "somewhat". Actually, I suggest you delete the word. --- Section 3 The hanging rhetorical question in the first paragraph is disconcerting. Is this a question that someone doing renumbering should consider, or is it targeted at the reader of the document? Is the word "Alternatively" really appropriate since it suggests that the choice is between telling the NEs and NMS, and not disrupting the network. --- Section 3 therefore this situation should be avoided except for very small networks I presume you do not mean the situation of renumbering such networks! But how do we avoid the situation of networks that are numbered in the way you describe? For most existing networks, the only way to avoid the situation is to renumber! So I assume that you are giving advice to people deploying new equipment and networks - please make this clear.
Benoît Claise Former IESG member
No Objection
No Objection
(for -02)
Unknown
Brian Haberman Former IESG member
(was Discuss)
No Objection
No Objection
(2012-12-11 for -02)
Unknown
1. In the introduction, shouldn't the list of reasons to use static addresses include their use within ACLs and other security mechanisms based on IP addresses? If so, a corresponding subsection in section 2 would be warranted.
Gonzalo Camarillo Former IESG member
No Objection
No Objection
(for -02)
Unknown
Martin Stiemerling Former IESG member
No Objection
No Objection
(for -02)
Unknown
Pete Resnick Former IESG member
(was Discuss)
No Objection
No Objection
(2012-12-24)
Unknown
Thanks for clarifying section 2.3 in response to my comments. I hope to see more of this discussion continue in the other documents this group is working on.
Robert Sparks Former IESG member
No Objection
No Objection
(for -02)
Unknown
Russ Housley Former IESG member
No Objection
No Objection
(for -02)
Unknown
Sean Turner Former IESG member
No Objection
No Objection
(for -02)
Unknown
Stephen Farrell Former IESG member
No Objection
No Objection
(for -02)
Unknown
Stewart Bryant Former IESG member
No Objection
No Objection
(for -02)
Unknown
Ralph Droms Former IESG member
Abstain
Abstain
(2012-12-13 for -02)
Unknown
I'm entering Abstain for this document, because I think it has many flaws, some important and some less important, but still may be useful. Here are some of the problems I see in the document. DNS, mDNS and SLP are mentioned in the context of name resolution. Is SLP deployed widely enough to warrant mention? What about LLMNR and uPNP? I don't understand why ULAs are identified as somehow affecting the use or impact of static addresses. DHCPv6 PD should be mentioned in the context of prefix assignment. Is it really still common practice that " printers in particular are manually assigned a fixed address (typically an [RFC1918] address) and that users are told to manually configure printer access using that fixed address"? In section 2.3, addresses assigned through DHCPv6 are considered problematic because the address might expire, but later DHCPv6 is suggested as a way of assigning addresses to solve renumbering of static addresses. I don't understand the first sentence of 2.4. Isn't the requirement for a static address based on the need to maintain transport sessions over VM movement (which isn't really how I understand the first sentence). In section 2.5, if asset management is based on MAC addresses, why are static IP addresses an issue? I don't understand the connection between "If [...] a particular host is found to be generating some form of unwanted traffic, it is urgent to be able to track back from its IP address to its physical location" and renumbering of static addressing. How does "using addresses under an enterprise's ULA prefix for software licensing" solve the renumbering problem? There may be a clue in section 2.7, where addresses assigned from ULAs are suggested as the solution for renumbering network elements. Perhaps the bit I'm missing is that addressing from ULAs avoids forced renumbering when the organization prefix changes due to external causes? In section 2.7, this claim may be true: In any case, when network elements are renumbered, existing user sessions may not survive, because of temporary "destination unreachable" conditions being treated as fatal errors. This aspect needs further investigation. but what is its connection to renumbering static addresses? Section 2.8 makes a valid point about the relationship between static addresses and asset management, but goes into solution space when it talks about DHCPv6 for configuring static addresses. I don't understand the first paragraph of section 3. From section 3: 4. If external prefix renumbering is required, the RFC 4192 procedure is followed. What about renumbering required by strictly internal topology changes in the network? I.e., I think "external" can be dropped.